It seems like a good idea to use Google's public DNS 8.8.8.8 and 8.8.4.4 because it's really fast -- much faster than my own ISP's DNS! -- and probably more reliable, too. That seems like a ridiculously quick win for me, and much easier to remember.

Assuming we're not all "tin foil hat" about Google, why shouldn't everybody use Google DNS? How can I determine which DNS server would be the fastest, most reliable, or what would generally be considered the best?

Note: I've seen this question, but I don't want a comparison to OpenDNS. This is about everyday use by everyday people in their homes.

Update: I seem to have put my hand in a wasps' nest of privacy concerns. I appreciate the issue, but I was expecting a more technology-oriented discussion...


You could interpret "we" as just the people in this household or organization. I'm not trying to rewire the planet :-)
– Torben Gundtofte-Bruun, Aug 11 '10 at 14:13

You asked "why shouldn't everybody use Google DNS" when the answer is primarily based in security concerns. That'd be like asking "why should people lock their doors" and getting mad when the answer is "to keep people out". There's no technical reason to use Google DNS or any of the other free DNS servers over your ISP unless there's a specific problem.
– Chris S, Aug 11 '10 at 15:29

How about running your own caching DNS servers? You probably already host DNS for your internal services, so why not just set up those servers to do direct lookups instead of forwarding requests to your ISP or Google?

The benefits:

They are very close to your users (< 2ms)

Caching DNS is dead simple to run

Caching is still fairly effective since your users are probably accessing the same sites (e.g. serverfault.com and facebook.com)

Yup, that would make sense for (larger) organizations, though not for consumers. And what would the internal DNS server use for external addresses -- the ISP or Google?
– Torben Gundtofte-Bruun, Aug 11 '10 at 19:10

Like this method, I think it is better than other options. Let's handle my own business.
– BlaShadow, Jun 13 '13 at 13:20

Why on earth would you think DNS caching wasn't a consumer-grade thing? You'd hope that a caching DNS server would be built into pretty much any ADSL or Wi-Fi router. It's certainly part of any Ubuntu desktop system. Note though that the important thing here is not caching, but where the upstream connections go. If all upstream requests go to one or a few upstream resolvers, then this doesn't address the OP's question.
– mc0e, Apr 18 at 15:37

@DougLuxem, are you suggesting that we post the same identical question in two different places?
– Pacerier, Jun 5 at 20:25

Larger websites and services, such as Facebook, often use a Content Delivery Network (CDN) to route your request to the closest (and therefore likely fastest) server for their content. They do this via DNS anycast routing, by returning the closest server's address when you perform a DNS query via your DNS server. In other words, where your DNS server is located physically can have an effect on the speeds and response times you get from certain CDNs. Use a DNS server that's close by.

However, these public DNS servers use anycast routing to provide you with a DNS response from the nearest server. Otherwise they couldn't provide you with such fast responses and high uptimes. For example, when you query 8.8.8.8 from The Netherlands, the server that answers the query is not the same one as when you query from Japan. This may partially compensate for the CDN problem.

Google itself has a warning to the same effect (where resolver is the DNS server):

Note, however, that because nameservers geolocate according to the resolver's IP address rather than the user's, Google Public DNS has the same limitations as other open DNS services: that is, the server to which a user is referred might be farther away than one to which a local DNS provider would have referred. This could cause a slower browsing experience for certain sites.

Every request sent through a DNS server can be logged and that data collated. This isn't tin foil hat stuff, I know companies that do similar. Who do you trust more with that data, your ISP or Google? That should be part of the decision.
Secondly, the reason everyone shouldn't be using Google's DNS is down to the whole nature of the Internet. As it stands, no one company runs or controls the Internet in any way - you have a choice which ISP you use, who you host with, where you host, how you host, who your DNS is hosted with, who you use for your DNS lookups. There is no one person in control and there is no single point of failure or compromise.
Please note I'm not saying don't use Google, just don't put all your eggs in the same basket. Why not use 8.8.8.8 and your ISP's primary nameserver?

I don't trust these Austrian Internet businesses; they seem so clueless. So personally I would prefer Google simply because they've got their act together.
– Torben Gundtofte-Bruun, Aug 11 '10 at 14:15

You mean using primary = 8.8.8.8 and secondary = my ISP? That would of course increase the chances to get a response if either of them goes down. Interesting.
– Torben Gundtofte-Bruun, Aug 11 '10 at 14:17

@torbengb, I didn't ask a question. I'm simply trying to state that perhaps you should be more concerned with data mining by your service providers. While it's not an answer to your question, I think it's very important to consider such things; especially for people who still believe companies that say they "do no evil".
– Chris S, Aug 11 '10 at 14:40

Oops, I meant "your answer". I'm aware of the privacy issues involved; my stated assumption was intended to steer clear of that discussion in this thread. I could be even more tin foil about less-savvy ISPs, thus making Google appear the wiser choice. (We could have another thread about the privacy issues, corporate ruthlessness, and legal options. But it would be a big thread.)
– Torben Gundtofte-Bruun, Aug 11 '10 at 14:54

DNS packets are routed through UDP. UDP is a connectionless protocol, so it means that if you have lots of hops (networks) to travel to Google DNS you will lose a packet or two.
Lost packets in your case mean delay, so I would stick to the closest DNS you can find to get a faster response.

Actually, a reason to use your ISP's DNS is that they can monitor your traffic anyway, and probably do (even in western democracies, governments often ask them to). Whereas Google can only monitor the requests that reach them.
– Gilles, Aug 11 '10 at 14:39

Of course your ISP will monitor your traffic when subpoenaed, whereas Google are doing it to make money and become Big Brother at the end of the day. Of course they are not Santa Claus to give you free resolution; your ISP you are paying for that. Frankly I have no idea why they have joined the DNS game.
– topdog, Aug 11 '10 at 14:50

@Gilles: ...and if the people (referred to as "we" above) are using Gmail or Google Apps, then Google probably knows more than enough already.
– Torben Gundtofte-Bruun, Aug 11 '10 at 14:56

For most ISPs, it's a no-brainer because their DNS tends to really suck. DNS makes a huge impact on user experience.

The only downside from my point of view is that you may notice poor performance for sites that use CDNs. I noticed that iTunes download performance wasn't as good with Google DNS... but that's just me.

The privacy issue is a non-starter for me. The only difference between Google monitoring your activities and your ISP is that Google is probably better at getting actual value out of the data. Jeff and Joel had a really good discussion on the Google DNS issue in one of the later StackOverflow podcasts that is worth listening to.

The only way to really decide is to benchmark it. It is going to be different depending on your connection. You should use a tool like http://www.grc.com/dns/benchmark.htm to find out what is really quicker.

This is unnecessary. Your ISP is the first stop, so of course it has a smaller ping because you can't get to the second stop before you get to the first one. But we're comparing the whole package here, not just the ping timings.
– Pacerier, Jun 6 at 1:43
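
The benchmarking suggested in the answer above, as an added Python example (not part of the original thread and not the GRC tool): it times raw UDP queries against each resolver, rejects replies whose transaction ID does not match, and counts lost queries alongside the median latency. The resolvers 8.8.8.8 and 8.8.4.4 and the two site names come from the page; 192.0.2.53 is a placeholder for your ISP's resolver.

```python
import os, socket, statistics, struct, time

def build_query(name, txid, qtype=1):
    """Encode a minimal DNS query: RD=1, one question, type A by default, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def check_reply(reply, txid):
    """Return the RCODE if reply is a response carrying our transaction ID, else None."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return None
    return flags & 0x000F

def time_query(resolver, name, timeout=2.0):
    """Send one UDP query; return elapsed milliseconds, or None if lost or rejected."""
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.connect((resolver, 53))  # kernel drops datagrams from other sources
            s.send(build_query(name, txid))
            reply = s.recv(512)
        except OSError:  # timeout, unreachable network, ICMP port unreachable
            return None
        elapsed = (time.perf_counter() - start) * 1000
    return elapsed if check_reply(reply, txid) == 0 else None

def summarise(samples):
    """Reduce a list of timings (None = lost) to loss count and median/max latency."""
    ok = sorted(s for s in samples if s is not None)
    return {"sent": len(samples), "lost": len(samples) - len(ok),
            "median_ms": statistics.median(ok) if ok else None,
            "max_ms": ok[-1] if ok else None}

def benchmark(resolvers, names, rounds=3):
    """Query every name `rounds` times per resolver; later rounds are likely cache hits."""
    return {r: summarise([time_query(r, n) for _ in range(rounds) for n in names])
            for r in resolvers}

if __name__ == "__main__":
    # 192.0.2.53 is a documentation-range placeholder (assumption): replace it
    # with the resolver address your ISP hands out.
    for r, stats in benchmark(["8.8.8.8", "8.8.4.4", "192.0.2.53"],
                              ["serverfault.com", "facebook.com"]).items():
        print(r, stats)
```

The first round mostly measures how quickly a resolver fetches an uncached name, while later rounds measure cached responses; the `lost` column shows whether UDP loss on the path is actually a factor.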

Google DNS is great but they do go down on occasion. As I write this, 8.8.8.8 and 8.8.4.4 are both unusably slow.

For a personal computer, I recommend Google because they are fast and they will give you an error if there is a failure unlike most ISPs which will take you to an annoying search page.

For servers colocated in data centers, I recommend using the DNS that your DC provides. You can call your DC in the event of an outage whereas Google cannot be contacted and is responsible for nothing.